chore(deps): update dependency n8n to v1.52.2

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
n8n (source)	minor	1.51.2 -> 1.52.2

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

n8n-io/n8n (n8n)

v1.52.2

Compare Source

Bug Fixes

• core: Restore log event n8n.workflow.failed (#​10253) (70aa8fd)
• editor: Fix workflow execution list scrolling after filter change (#​10226) (c2e37cb)

v1.52.1

Compare Source

Bug Fixes

• editor: Fix issue with existing credential not opening in HTTP agent tool (#​10167) (0e448dc)

v1.52.0

Compare Source

Bug Fixes

• core: Fix handling of common events for relays (#​10135) (d2a3a4a)
• core: Fix SSH Tunnels when using private key (#​10148) (a96db34)
• core: Metadata inserts using existing IDs and failing with postgres (#​10108) (4547a49)
• core: Respect prefix for all Prometheus metrics (#​10130) (b1816db)
• core: Support branches containing slashes in source control (#​10109) (03a833d)
• core: Support execution recovery when saving execution progress (#​10104) (d887c82)
• editor: Allow $secrets to resolve on credentials (#​10093) (bf57f38)
• editor: Fix saving and connecting on LDAP setup form (#​10163) (30784fb)
• editor: Fix updating/uninstalling community nodes (#​10138) (de015ff)
• editor: Remove "move" action from workflow and credential on community plan (#​10057) (5a9a271)
• editor: UX Improvements to RBAC feature set (#​9683) (028a8a2)
• HelpScout Node: Fix issue with thread types not working correctly (#​10084) (68d3beb)
• MQTT Node: Node hangs forever on failed connection (#​10048) (76c2906)
• n8n Form Trigger Node: Execution from canvas (#​10132) (b07c5e2)
• Notion Node: Fix issue preventing some database page urls from working (#​10070) (7848c19)
• RabbitMQ Node: Fix issue with arguments not being sent (#​9397) (1c666e6)

Features

• editor: Split Tools and Models into sub-sections (#​10159) (3846eb9)
• Introduce Azure Key Vault as external secrets provider (#​10054) (1b6c2d3)
• Pinecone Vector Store Node, Supabase Vector Store Node: Add update operation to vector store nodes (#​10060) (7e1eeb4)
• Send Email Node: Smtp credential improvements (#​10147) (dc13ceb)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/n8n:1.52.2

📦 Image Reference ghcr.io/uniget-org/tools/n8n:1.52.2

digest	sha256:62f5341123275ba3ccdf83b10a3a760775ba245d7c18072eb6dbdf9532c11cdc
vulnerabilities
platform	linux/amd64
size	157 MB
packages	1397

protobufjs 7.2.4 (npm) pkg:npm/protobufjs@7.2.4 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Affected range >=7.0.0 <7.2.5 Fixed version 7.2.5 CVSS Score 9.8 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Description protobuf.js (aka protobufjs) 6.10.0 until 6.11.4 and 7.0.0 until 7.2.4 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty. NOTE: this CVE Record is about Object.constructor.prototype.<new-property> = ...; whereas CVE-2022-25878 was about Object.__proto__.<new-property> = ...; instead.

pdfjs-dist 2.16.105 (npm) pkg:npm/pdfjs-dist@2.16.105 Affected range <=4.1.392 Fixed version 4.2.67 Description Impact If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. Patches The patch removes the use of eval: mozilla/pdf.js#18015 Workarounds Set the option isEvalSupported to false. References https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

fast-xml-parser 4.2.5 (npm) pkg:npm/fast-xml-parser@4.2.5 Uncontrolled Resource Consumption Affected range <4.4.1 Fixed version 4.4.1 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description Summary A ReDOS exists on currency.js was discovered by Gauss Security Labs R&D team. Details https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10 contains a vulnerable regex PoC pass the following string '\t'.repeat(13337) + '.' Impact Denial of service during currency parsing in experimental version 5 of fast-xml-parser-library https://gauss-security.com

identity 3.4.2 (npm) pkg:npm/%40azure/identity@3.4.2 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Affected range <4.2.1 Fixed version 4.2.1 CVSS Score 5.5 CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Description Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability.

semver 5.3.0 (npm) pkg:npm/semver@5.3.0 Inefficient Regular Expression Complexity Affected range <5.7.2 Fixed version 5.7.2 CVSS Score 5.3 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Description Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/10184177518.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/10184177518.